Nelesh_N
asked on
Problem after rename of a domain controller
I've decommissioned and domain controller (dc5) and then after a day renamed another domain controller to dc5.
Picking up problems on one of the root dc's where it keeps the serverreference attribute as the old dc's name. Thought this would be easy...
dcdiag throwing machine account errors. have already done a dcdiag /fixmachineaccount
* LIB-DC5-JHB Server Reference is incorrect! Should be CN=LIB-DC5-JHB1,OU=Domain Controllers,DC=something,D
ldap_search_sW failed with 2: The system cannot find the file specified.
......................... LIB-DC5-JHB failed test MachineAccount
When I go into adsiedit on the root dc and try and change the serverreference attribute it defaults back to the old name.
Picking up problems on one of the root dc's where it keeps the serverreference attribute as the old dc's name. Thought this would be easy...
dcdiag throwing machine account errors. have already done a dcdiag /fixmachineaccount
* LIB-DC5-JHB Server Reference is incorrect! Should be CN=LIB-DC5-JHB1,OU=Domain Controllers,DC=something,D
ldap_search_sW failed with 2: The system cannot find the file specified.
......................... LIB-DC5-JHB failed test MachineAccount
When I go into adsiedit on the root dc and try and change the serverreference attribute it defaults back to the old name.
Did you actually demote the old DC5 before it was removed?
If so then a simple DCDIAG /fix may solve the problem
If so then a simple DCDIAG /fix may solve the problem
ASKER
Yes I did do a demotion to a member server. Will try.
ASKER
nope doesnt work.
ASKER
only one of the three root dc's that I have is picking up this problem.
What if you change the name to something else?
Then possibly change it back?
Strange one this.
Then possibly change it back?
Strange one this.
This server had FSMO roles and did you moved them?
ASKER
Yes they were moved...
You need to go to AD sites and services, enter in the site where DC5 was and remove all entries about him.
Then do the same on the DNS and AD users and computers on the domain controllers container.
I would suggest to give a different name, because sometimes conflicts may ocur with some objects that may have be with the ID of the demoted DC.
So if you can try to change it.
Then do the same on the DNS and AD users and computers on the domain controllers container.
I would suggest to give a different name, because sometimes conflicts may ocur with some objects that may have be with the ID of the demoted DC.
So if you can try to change it.
ASKER
So the problem is that there was a lib-dc5-jhb already in the environment, then a lib-dc5-jhb1 was introduced. The second machine is a hardware replacement for lib-dc5-jhb. I then did the dcpromo to remove lib-dc5-jhb - all went successfully. Then I renamed lib-dc5-jhb1 to lib-dc5-jhb. This is where the problem lies, I dont think AD likes the reuse of machine names. If I do a ntdsutil I dont see any refernce to lib-dc5-jhb1 but if I go to sites and services on another dc which happens to hold fsmo roles and is in the root. Go to sites and services, if I go to properties on lib-dc5-jhb I still see the server name as lib-dc5-jhb1. If I try to change the serverreference in adsiedit it defaults back to lib-dc5-jhb1. Why it must be pulling this info from somewhere, I also looked at DNS and cannot find any reference to lib-dc5-jhb1...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Its the best solution because even if you remove all entries as stated there the possibility the remainings of the old SID lying arround and will create enough problems with the same name. If seen this too often and normally the best solution is to rename to a new name. Because the time consuming to solve AD issues sometimes is extremely high.
here is a great article on achieving what you need ;
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/72d5eda0-7185-4f97-a1cf-7952c12dc786